1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 package org.apache.myfaces.orchestra.conversation;
21
22 import org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProvider;
23
24 /**
25 * Adds the required fields (conversationContext) to the request parameters.
26 * <p>
27 * This ensures that every URL in the generated page contains the current
28 * conversation context id as a query parameter. When the request is submitted to the
29 * server this query parameter is then used to select the correct ConversationContext
30 * instance from the user session (ie the set of Conversation objects that are associated
31 * with this particular window).
32 */
33 public class ConversationRequestParameterProvider implements RequestParameterProvider
34 {
35 private final static String[] NO_PARAMETERS = new String[0];
36
37 private final static String[] REQUEST_PARAMETERS = new String[]
38 {
39 ConversationManager.CONVERSATION_CONTEXT_PARAM
40 };
41
42 private final static ThreadLocal inSeparationModeThreadLocal = new ThreadLocal();
43
44 /**
45 * Update a threadlocal flag indicating whether URLs written to the
46 * response page should have the special ConversationContext query
47 * parameter added to them or not.
48 * <p>
49 * Defaults to false (no separation), which means that urls ARE modified.
50 * <p>
51 * This can be called by a component before rendering its children in order to
52 * skip this url mangling. Any code that calls this method is responsible for
53 * restoring the original value at the appropriate time. This is very important,
54 * because this is a thread-local value that will be inherited by whatever
55 * request this pooled thread is reused for!
56 */
57 public static void setInSeparationMode(boolean separationMode)
58 {
59 // TODO: consider using a request-scope variable rather than a
60 // ThreadLocal; less damage if the flag is not reset..
61 inSeparationModeThreadLocal.set(separationMode ? Boolean.TRUE : Boolean.FALSE);
62 }
63
64 /**
65 * Returns true if URLs should be written out unmodified, false if they should
66 * have the conversation context id appended as a query parameter.
67 */
68 public static boolean isInSeparationMode()
69 {
70 return Boolean.TRUE.equals(inSeparationModeThreadLocal.get());
71 }
72
73 public String getFieldValue(String field)
74 {
75 if (isInSeparationMode())
76 {
77 return null;
78 }
79
80 ConversationManager conversationManager = ConversationManager.getInstance();
81 if (conversationManager == null)
82 {
83 throw new IllegalStateException("can find the conversationManager");
84 }
85
86 // fetch the conversation context, creating one if it does not yet exist.
87 ConversationContext ctx = conversationManager.getOrCreateCurrentConversationContext();
88 return Long.toString(ctx.getId(), Character.MAX_RADIX);
89 }
90
91 //TODO: theoretical security problem here as something can call this method then
92 // modify the 0th element of the returned array. If this library is deployed at the
93 // "shared" level, that means that one webapp can cause a "denial of service" or
94 // similar against other webapps in the container by changing this critical field.
95 // Not a very important flaw, but nevertheless...
96 public String[] getFields()
97 {
98 if (isInSeparationMode())
99 {
100 return NO_PARAMETERS;
101 }
102
103 return REQUEST_PARAMETERS;
104 }
105 }